[Arquivado] &nbspPc fecha janelas sozinho!

[RafaeL Icassati 2 0]

Bom dia!

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:47:06, on 19/08/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\ARQUIV~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG10\avgwdsvc.exe

C:\Arquivos de programas\Nero\Update\NASvc.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\AVG\AVG10\avgnsx.exe

C:\Arquivos de programas\AVG\AVG10\avgemcx.exe

C:\Arquivos de programas\qubnfe\qubnfe.exe

C:\Arquivos de programas\AVG\AVG10\avgtray.exe

C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\ARQUIV~1\AVG\AVG10\avgrsx.exe

C:\Arquivos de programas\AVG\AVG10\avgcsrvx.exe

C:\Arquivos de programas\AVG\AVG10\avgui.exe

C:\Arquivos de programas\AVG\AVG10\avgscanx.exe

C:\Arquivos de programas\AVG\AVG10\avgcsrvx.exe

C:\Documents and Settings\Edinho\Desktop\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/acala3gp/{9B85928E-9612-4B1E-9682-4BDE6804F8D7}

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/acala3gp/{9B85928E-9612-4B1E-9682-4BDE6804F8D7}

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=e4bb25c9000000000000000fea266e8a&tlver=1.4.19.19&affID=17160

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.com/web?q=&pr=auto&client_id=E1F784F001CBA5C00030F301&src_id=11491&camp_id=1482&tb_version=2.5.15000.521

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avgbrasil.com.br/br-pt.special-toolbar-first-run-tlbrf-v2

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG10\Toolbar\IEToolbar.dll

R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Arquivos de programas\Acala 3GP Movies FileBulldog Toolbar\tbhelper.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Barra de ferramentas ALOT Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - (no file)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG10\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG10\Toolbar\IEToolbar.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Arquivos de programas\Acala 3GP Movies FileBulldog Toolbar\tbcore3.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG10\Toolbar\IEToolbar.dll

O3 - Toolbar: Barra de ferramentas ALOT - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)

O3 - Toolbar: Acala 3GP Movies FileBulldog Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Arquivos de programas\Acala 3GP Movies FileBulldog Toolbar\tbcore3.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [qubnfe] C:\Arquivos de programas\qubnfe\qubnfe.exe /auto

O4 - HKLM\..\Run: [AVG_TRAY] C:\Arquivos de programas\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Edinho\Dados de aplicativos\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Arquivos de programas\AVG\AVG10\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG10\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Arquivos de programas\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG10\avgwdsvc.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: @C:\Arquivos de programas\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Arquivos de programas\Nero\Update\NASvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 9557 bytes

[Power Max 54]

:) Olá Rafael!

 

:seta: Abra o HijackThis, clique em Do a system scan only, marque as entradas abaixo e clique em Fix checked:

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17160

 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.alot.c...n=2.5.15000.521

 

R3 - URLSearchHook: (no name) - - (no file)

 

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

 

O2 - BHO: Barra de ferramentas ALOT Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - (no file)

 

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

 

O3 - Toolbar: Barra de ferramentas ALOT - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)

___________________

 

:seta: Siga também estas dicas:

 

Tutorial do Ad-Remover

 

Tutorial do Malwarebytes Anti-Malware

______________________

 

:seta: Na sua próxima resposta poste um novo log do Hijackthis, o log do Ad-Remover que estará em C:\Ad-Report-CLEAN[1].log, o log do Malwarebytes e nos diga como está o seu PC após estes procedimentos.

 

Ficamos no aguardo.

[RafaeL Icassati 2 0]

Olá Antonio, primeiro lugar muito obrigado pelo suporte!

fiz o que me disse mas, ainda está fechando sozinho algumas janelas. segue os logs:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:09:02, on 22/08/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\ARQUIV~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG10\avgwdsvc.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Arquivos de programas\Nero\Update\NASvc.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Arquivos de programas\qubnfe\qubnfe.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG10\avgtray.exe

C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Arquivos de programas\AVG\AVG10\avgnsx.exe

C:\Arquivos de programas\AVG\AVG10\avgemcx.exe

C:\Arquivos de programas\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\ARQUIV~1\AVG\AVG10\avgrsx.exe

C:\Arquivos de programas\AVG\AVG10\avgcsrvx.exe

C:\Documents and Settings\Edinho\Desktop\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avgbrasil.com.br/br-pt.special-toolbar-first-run-tlbrf-v2

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG10\Toolbar\IEToolbar.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG10\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG10\Toolbar\IEToolbar.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Arquivos de programas\Acala 3GP Movies FileBulldog Toolbar\tbcore3.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG10\Toolbar\IEToolbar.dll

O3 - Toolbar: Acala 3GP Movies FileBulldog Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Arquivos de programas\Acala 3GP Movies FileBulldog Toolbar\tbcore3.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [qubnfe] C:\Arquivos de programas\qubnfe\qubnfe.exe /auto

O4 - HKLM\..\Run: [AVG_TRAY] C:\Arquivos de programas\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Edinho\Dados de aplicativos\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Arquivos de programas\AVG\AVG10\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG10\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Arquivos de programas\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG10\avgwdsvc.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @C:\Arquivos de programas\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Arquivos de programas\Nero\Update\NASvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 8574 bytes

 

 

 

 

 

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 23:08:12 on 21/08/2011, Normal boot

 

Microsoft Windows XP Professional Service Pack 3 (X86)

Edinho@EDINHO-DC88DFDF ( )

 

============== ACTION(S) ==============

 

 

File deleted: C:\WINDOWS\system32\ConduitEngine.tmp

Folder deleted: C:\Documents and Settings\Edinho\Dados de aplicativos\Mozilla\FireFox\Profiles\4gm8c969.default\conduit

Folder deleted: C:\Documents and Settings\Edinho\Dados de aplicativos\Mozilla\FireFox\Profiles\4gm8c969.default\ConduitEngine

Folder deleted: C:\Documents and Settings\Edinho\Dados de aplicativos\Mozilla\FireFox\Profiles\4gm8c969.default\extensions\engine@conduit.com

Folder deleted: C:\Documents and Settings\Edinho\Configurações locais\Dados de aplicativos\Conduit

Folder deleted: C:\Documents and Settings\Edinho\Dados de aplicativos\Toolbar4

 

(!) -- Temporary files deleted.

 

 

-- File opened: C:\Documents and Settings\Edinho\Dados de aplicativos\Mozilla\FireFox\Profiles\4gm8c969.default\Prefs.js --

Line deleted: user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2780272");

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1172363/1168048/BR", "\"0\"...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1373759/1369418/BR", "\"0\"...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/BR", "\"0\"")...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2780272", ...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2982026", ...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.5...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3....

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3....

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2780272",...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2982026",...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2780272/CT2780272...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2982026/CT2982026...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634...

Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=es", "\"634...

Line deleted: user_pref("CommunityToolbar.EngineHiddenByUser", true);

Line deleted: user_pref("CommunityToolbar.EngineOwner", "CT2805139");

Line deleted: user_pref("CommunityToolbar.EngineOwnerGuid", "{ba5844d2-b2c5-49eb-86f5-248d776a6f08}");

Line deleted: user_pref("CommunityToolbar.EngineOwnerToolbarId", "uptodown");

Line deleted: user_pref("CommunityToolbar.IsEngineShown", false);

Line deleted: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Line deleted: user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://storage.conduit.com/MarketPlace/47/ca/47c...

Line deleted: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2805139");

Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{ba5844d2-b2c5-49eb-86f5-248d776a6f08}");

Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "uptodown");

Line deleted: user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");

Line deleted: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Apr 20 2011 17:22:00 GMT-03...

Line deleted: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);

Line deleted: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Aug 16 2011 23:04:02 GMT-0300 (Hora ...

Line deleted: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Line deleted: user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);

Line deleted: user_pref("CommunityToolbar.alert.locale", "en");

Line deleted: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Line deleted: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Aug 16 2011 15:57:38 GMT-0300 (Hora ofic...

Line deleted: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");

Line deleted: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Line deleted: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Line deleted: user_pref("CommunityToolbar.alert.showTrayIcon", false);

Line deleted: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Line deleted: user_pref("CommunityToolbar.alert.userId", "73d9436c-b354-41b2-a893-8fd321372a14");

Line deleted: user_pref("CommunityToolbar.globalUserId", "9df0e635-7f24-4183-9eae-59bb12f1e845");

Line deleted: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Line deleted: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Line deleted: user_pref("ConduitEngine.AppTrackingLastCheckTime", "Tue Aug 09 2011 15:57:49 GMT-0300 (Hora oficial...

Line deleted: user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Thu Apr 28 2011 11:25:45 GMT-0300 (Hora ofici...

Line deleted: user_pref("ConduitEngine.FirstServerDate", "04/20/2011 23");

Line deleted: user_pref("ConduitEngine.FirstTime", true);

Line deleted: user_pref("ConduitEngine.FirstTimeFF3", true);

Line deleted: user_pref("ConduitEngine.HasUserGlobalKeys", true);

Line deleted: user_pref("ConduitEngine.Initialize", true);

Line deleted: user_pref("ConduitEngine.InitializeCommonPrefs", true);

Line deleted: user_pref("ConduitEngine.InstalledDate", "Wed Apr 20 2011 17:22:05 GMT-0300 (Hora oficial do Brasil)...

Line deleted: user_pref("ConduitEngine.IsMulticommunity", false);

Line deleted: user_pref("ConduitEngine.IsOpenThankYouPage", false);

Line deleted: user_pref("ConduitEngine.IsOpenUninstallPage", true);

Line deleted: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Thu Apr 28 2011 16:21:33 GMT-0300 (Hora oficia...

Line deleted: user_pref("ConduitEngine.LastLogin_3.3.5.1", "Fri Apr 29 2011 15:40:40 GMT-0300 (Hora oficial do Bra...

Line deleted: user_pref("ConduitEngine.PublisherContainerWidth", 6);

Line deleted: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);

Line deleted: user_pref("ConduitEngine.SettingsLastCheckTime", "Fri Apr 29 2011 15:40:41 GMT-0300 (Hora oficial do...

Line deleted: user_pref("ConduitEngine.UserID", "UN57638834351578324");

Line deleted: user_pref("ConduitEngine.counterAppsAdded", 1);

Line deleted: user_pref("ConduitEngine.engineLocale", "pt-BR");

Line deleted: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Thu Apr 28 2011 16:21:32 GMT-0300 (Hora ...

Line deleted: user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Fri Apr 29 2011 15:40:40 GMT-0300 (Hora...

Line deleted: user_pref("ConduitEngine.initDone", true);

Line deleted: user_pref("ConduitEngine.isAppTrackingManagerOn", true);

Line deleted: user_pref("ConduitEngine.usagesFlag", 2);

-- File closed --

 

 

Key deleted: HKLM\Software\Classes\CLSID\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}

Key deleted: HKLM\Software\Classes\Conduit.Engine

Key deleted: HKLM\Software\Classes\Toolbar.CT2982026

Key deleted: HKCU\Software\alot

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

 

Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{CA3EB689-8F09-4026-AA10-B9534C691CE0}

Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

============== ADDITIONNAL SCAN ==============

 

**** Mozilla Firefox Version [6.0 (pt-BR)] ****

 

HKLM_MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf (x)

Searchplugins\avg_igeared.xml (hxxp://search.avg.com/route/?d=4c7421eb&v=7.007.026.001&i=23&tp=chrome&q={searchTerms}&lng=pt-BR&iy=&ychte=br/)

Searchplugins\babylon.xml (hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=e4bb25c9000000000000000fea266e8a&tlver=1.4.19.19&affID=17160/)

Searchplugins\buscape.xml (hxxp://busca.buscape.com.br/cprocura)

Searchplugins\mercadolivre.xml (hxxp://pmstrk.mercadolivre.com.br/jm/PmsTrk)

Searchplugins\wikipedia-br.xml (hxxp://pt.wikipedia.org/wiki/Especial:Busca)

Searchplugins\yahoo-br.xml (hxxp://br.search.yahoo.com/search)

Components\browsercomps.dll (Mozilla Foundation)

HKLM_Extensions|{1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Arquivos de programas\AVG\AVG10\Firefox4\

HKLM_Extensions|avg@igeared - C:\Arquivos de programas\AVG\AVG10\Toolbar\Firefox\avg@igeared

 

-- C:\Documents and Settings\Edinho\Dados de aplicativos\Mozilla\FireFox\Profiles\4gm8c969.default --

Extensions\ffxtlbr@babylon.com (Babylon)

Extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC} (Acala 3GP Movies FileBulldog Toolbar)

Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} (Modulo de Seguranca - Banco do Brasil SA)

Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} (DVDVideoSoft Menu)

Searchplugins\search.xml (?)

Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Edinho\\Desktop

Prefs.js - browser.search.defaultenginename, Yahoo

Prefs.js - browser.search.selectedEngine, Search

Prefs.js - browser.startup.homepage, hxxp://www.google.com.br/

Prefs.js - browser.startup.homepage_override.buildID, 20110811165603

Prefs.js - browser.startup.homepage_override.mstone, rv:6.0

Prefs.js - keyword.URL, hxxp://search.babylon.com/?babsrc=toolbar2&q=

 

========================================

 

**** Internet Explorer Version [8.0.6001.18702] ****

 

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_URLSearchHooks|{A3BC75A2-1F87-4686-AA43-5347D756017C} - "AVG Security Toolbar BHO" (C:\Arquivos de programas\AVG\AVG10\Toolbar\IEToolbar.dll)

HKCU_SearchScopes\{0FD42A8C-73D8-4BC5-810E-F78C242C2A0B} - "Superdownloads" (hxxp://www.superdownloads.com.br/busca/{searchTerms}.html)

HKCU_SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} - "Busca ALOT" (hxxp://search.alot.com/web?q={searchTerms}&pr=prov&client_id=E1F784F001CBA5C0003...)

HKCU_SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} - "Search" (hxxp://www.bigseekpro.com/search/browser/acala3gp/{9B85928E-9612-4B1E-9682-4BDE6...)

HKCU_SearchScopes\{F1BE102E-967C-4855-87C9-10BB9702E94B} - "AVG Secure Search" (hxxp://search.avg.com/route/?d=4c7421eb&v=6.103.18.1&i=23&tp=chrome&q={searchTer...)

HKCU_Toolbar\WebBrowser|{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (C:\Arquivos de programas\AVG\AVG10\Toolbar\IEToolbar.dll)

HKCU_Toolbar\WebBrowser|{338B4DFE-2E2C-4338-9E41-E176D497299E} (C:\Arquivos de programas\Acala 3GP Movies FileBulldog Toolbar\tbcore3.dll)

HKLM_Toolbar|{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (C:\Arquivos de programas\AVG\AVG10\Toolbar\IEToolbar.dll)

HKLM_Toolbar|{338B4DFE-2E2C-4338-9E41-E176D497299E} (C:\Arquivos de programas\Acala 3GP Movies FileBulldog Toolbar\tbcore3.dll)

HKLM_ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} - C:\Arquivos de programas\Acala 3GP Movies FileBulldog Toolbar\TbHelper2.exe (?)

HKLM_ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG10\Toolbar\ToolbarBroker.exe (?)

HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)

BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)

BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)

BHO\{A3BC75A2-1F87-4686-AA43-5347D756017C} - "AVG Security Toolbar BHO" (C:\Arquivos de programas\AVG\AVG10\Toolbar\IEToolbar.dll)

BHO\{C41A1C0E-EA6C-11D4-B1B8-444553540008} - "GbIehObj Class" (C:\ARQUIV~1\GbPlugin\gbiehUni.dll)

BHO\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} - "SMTTB2009 Class" (C:\Arquivos de programas\Acala 3GP Movies FileBulldog Toolbar\tbcore3.dll)

 

========================================

 

C:\Arquivos de programas\Ad-Remover\Quarantine: 139 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 13 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 21/08/2011 23:08:59 (15448 Byte(s))

 

End at: 23:20:56, 21/08/2011

 

============== E.O.F ==============

 

 

 

 

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

 

Database version: 7534

 

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

 

22/8/2011 10:50:17

mbam-log-2011-08-22 (10-50-17).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 185712

Time elapsed: 24 minute(s), 45 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

[Power Max 54]

:) Vários problemas foram removidos.

___________________

 

:seta: Siga, por gentileza, as dicas deste tutorial para fazer um escaneamento de seu PC pelo Nod32 Online:

 

Tutorial do antivirus Nod32 Online

 

Após o término do escaneamento será gerado um relatório (log) que estará no seguinte local do seu computador:

C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

 

Na sua próxima resposta poste este log do Nod32 Online juntamente com um novo log do Hijackthis e nos diga, por gentileza, como está o seu PC após seguir este procedimento. Ficamos no aguardo de sua resposta.

[RafaeL Icassati 2 0]

Obrigado pela ajuda.. O problema permanece.

 

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=d458af4b8dee0245b4902d3fc761212f

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-08-23 03:44:08

# local_time=2011-08-23 12:44:08 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1032 16777189 100 95 0 56424685 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=5276

# found=0

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:40:52, on 25/08/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\ARQUIV~1\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\AVG\AVG10\avgwdsvc.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Arquivos de programas\Nero\Update\NASvc.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Arquivos de programas\qubnfe\qubnfe.exe

C:\Arquivos de programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Arquivos de programas\AVG\AVG10\avgtray.exe

C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\AVG\AVG10\avgnsx.exe

C:\Arquivos de programas\AVG\AVG10\avgemcx.exe

C:\Arquivos de programas\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\ARQUIV~1\AVG\AVG10\avgrsx.exe

C:\Arquivos de programas\AVG\AVG10\avgcsrvx.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Arquivos de programas\Acala 3GP Movies FileBulldog Toolbar\TbHelper2.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Edinho\Desktop\Rafa\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avgbrasil.com.br/br-pt.special-toolbar-first-run-tlbrf-v2

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG10\Toolbar\IEToolbar.dll

R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Arquivos de programas\Acala 3GP Movies FileBulldog Toolbar\tbhelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG10\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG10\Toolbar\IEToolbar.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Arquivos de programas\Acala 3GP Movies FileBulldog Toolbar\tbcore3.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG10\Toolbar\IEToolbar.dll

O3 - Toolbar: Acala 3GP Movies FileBulldog Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Arquivos de programas\Acala 3GP Movies FileBulldog Toolbar\tbcore3.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [qubnfe] C:\Arquivos de programas\qubnfe\qubnfe.exe /auto

O4 - HKLM\..\Run: [AVG_TRAY] C:\Arquivos de programas\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Edinho\Dados de aplicativos\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Arquivos de programas\AVG\AVG10\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG10\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Arquivos de programas\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG10\avgwdsvc.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @C:\Arquivos de programas\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Arquivos de programas\Nero\Update\NASvc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 9042 bytes

[Power Max 54]

ESETSmartInstaller@High as CAB hook log:

# end=stopped

:seta: No log do Nod32 online está constando que ele foi parado antes que tivesse terminado. Faça por gentileza o escaneamento completo com ele e poste seu novo log aqui.

 

Ficamos na espera

[wings 22]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.